HALO 0 Posted March 13, 2014 Posted March 13, 2014 Hello everyone, I just want to create a HIPS rule that can block an application that running in C:\users\user\appdata. I want to deploy this configuration via ERA Policy. So I need to specify a path like C:\users\*\appdata\applicationfolder. As I see it, ESET accept only exact path while I am creating HIPS rule. Is there any solution for this? Thank you
Administrators Marcos 5,741 Posted March 13, 2014 Administrators Posted March 13, 2014 Even if wildcards were supported in rules, the %APPDATA% variable wouldn't resolve as expected as it resolves to C:\Windows\system32\config\systemprofile\AppData for the local system account in which ekrn.exe runs.
Arakasi 549 Posted March 13, 2014 Posted March 13, 2014 (edited) Hello HALO, Instead of using ESET HIPS to prevent malware executables from being run out of the appdata directories, i would create a GPO for your users to combat this. You will have more options using windows. If you need assistance i know the Crypto Prevention Kit has some GPO's for servers and term servers you can import with little effort. Edited March 13, 2014 by Arakasi
JAF1979 4 Posted April 22, 2014 Posted April 22, 2014 HALO... The same general question was asked at another topic. See link below:https://forum.eset.com/topic/767-how-to-block-an-app/?hl=%2Bblock+%2Bapplication
Recommended Posts